Set the SUID bit on a script but didn't get root permissions during execution; experts, please help take a look

Time:09-16

[hlc@localhostcentosa SUID]$ ll
total 8
-rwx------. 1 root root Mar 26 10:17 a.txt
-rwsr-xr-x. 1 root root 77 Mar 26 10:07 passwd.sh
[hlc@localhostcentosa SUID]$ sudo cat a.txt
Aaaaa
[hlc@localhostcentosa SUID]$ cat passwd.sh
#!/bin/bash

# chmod 777 a.txt
echo 'Reading a.txt file content:'
cat ./a.txt
[hlc@localhostcentosa SUID]$ ./passwd.sh
Reading a.txt file content:
cat: ./a.txt: Permission denied
[hlc@localhostcentosa SUID]$


I want to ask: I run passwd.sh as the hlc account. Because passwd.sh has the SUID bit (s) set, it should acquire root privileges during execution and read the contents of a.txt.
But why does it report that permissions are not enough? I really can't figure it out. Experts, please help explain.
Remark: I think that if other users for some reason had write permission on passwd.sh, then because root privileges are acquired during execution, the whole system would be under that user's control.
This kind of behavior is dangerous.

CodePudding user response:

SUID should only be used on binary commands; it cannot be used on scripts.

CodePudding user response:

SUID is effective only for commands and binary programs, and whoever executes the program needs x permission on it.
It is valid only while the command is executing, and it can't be used on shell and similar script files.

Because root access is held during execution and is released only when execution completes, if it could be used on scripts, you could use a script file to perform operations beyond your own permissions. That does not conform to the Linux security mechanism, so it is not permitted on script files.
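
An audit for the situation in this thread, as an added example that is not part of the original posts: it lists set-UID files under a directory and flags those that are `#!` scripts (where, as the answers say, the bit has no effect on Linux) or that are group- or world-writable (the risk raised in the question's remark). The function name `suid_audit` and its output labels are made up for this example.

```shell
# suid_audit DIR
# Prints one line per set-UID regular file under DIR: "<finding><TAB><path>".
# finding is one of: ok, script, writable, script+writable.
# Example call: suid_audit /usr/local/bin
suid_audit() {
    find "$1" -xdev -type f -perm -4000 -exec sh -c '
        for f in "$@"; do
            tags=""
            # A file that starts with "#!" is run through an interpreter.
            # Linux does not apply the set-UID bit in that case, so the bit
            # is dead configuration and usually a sign of a mistaken setup.
            if [ "$(head -c 2 "$f" 2>/dev/null | tr -d "\000")" = "#!" ]; then
                tags="script"
            fi
            # Character 6 of the ls mode string is group write and
            # character 9 is other write. A set-UID file that non-owners
            # can modify lets them choose what runs as the file owner.
            case "$(ls -ld "$f")" in
                ?????w*|????????w*) tags="${tags:+$tags+}writable" ;;
            esac
            printf "%s\t%s\n" "${tags:-ok}" "$f"
        done' sh {} +
}
```

Paths containing newlines will split across output lines; everything else is passed to the inner shell as separate arguments and is handled safely.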

CodePudding user response:

For files: effective only on binary executable files.
Whoever runs the binary file,
the group of the process spawned by the program is the file's owning group,
regardless of the group of the user who launched the program.
For directories: when a directory has SGID permission, every new file created in the directory
automatically belongs to the directory's owning group, regardless of the group of the file's creator.